| VID |
28011 |
| Severity |
30 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The shares of the system is accessed with no password.
And a vulnerability may exist in the password verification scheme utilized by Microsoft Windows 9x/Me SMB protocol implementation. This vulnerability will allow any user to access the Windows 9x file shared service with password protection. Potential attackers don't have to know the share password.
* Platforms Affected :
Microsoft Windows ME, 98, 95
* References:
http://www.iss.net/security_center/static/2358.php |
| Recommendation |
1. If do not need, remove the shares.
2. If do need necessarily, use after setting password.
3. If the system has a security flaw in the password verification scheme of shares, go to the following site, and download and install a patch.
Windos ME:
Microsoft patch 273991USAM
http://download.microsoft.com/download/winme/Update/11958/WinMe/EN-US/273991USAM.EXE
Windows 98se:
Microsoft patch 273991USA8
http://download.microsoft.com/download/win98SE/Update/11958/W98/EN-US/273991USA8.EXE
Windows 98:
Microsoft patch 273991USA8
http://download.microsoft.com/download/win98SE/Update/11958/W98/EN-US/273991USA8.EXE
Windows 95:
The patches are not available. The only way is not to make shares anymore. |
| Related URL |
CVE-1999-0519,CVE-1999-0520 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
